| Category | Details |
|---|---|
| Threat Actors | Cl0p ransomware group |
| Campaign Overview | Exploitation of a critical vulnerability in Cleo’s managed file transfer software (Cleo Harmony, VLTrader, LexiCom) |
| Target Regions/Victims | Businesses globally, particularly those using Cleo’s MFT products |
| Methodology | Exploitation of a zero-day vulnerability (CVE-2024-55956) to breach networks and steal data; threat of data leak unless ransom is paid |
| Product Targeted | Cleo’s managed file transfer software (Cleo Harmony, VLTrader, LexiCom) |
| Malware Reference | Ransomware (Cl0p), SQL injection (CVE-2023-34362, MOVEit incident) |
| Tools Used | Zero-day exploit, SQL injection (CVE-2023-34362), web shell (LEMURLOOT) |
| Vulnerabilities Exploited | CVE-2024-55956 (Cleo MFT products), CVE-2023-34362 (MOVEit) |
| TTPs | Zero-day exploit; large-scale data breaches; threat of public data leaks; ransom demands |
| Attribution | Cl0p ransomware group; previously involved in MOVEit and GoAnywhere breaches |
| Recommendations | Immediate patching of Cleo software; regular security assessments; enhanced monitoring for signs of compromise |
| Source | Hackread |
Read full article: https://hackread.com/cl0p-ransomware-exploits-cleo-vulnerability-data-leaks/
The above summary has been generated by an AI language model